CVERadar

CVE-2024-0450

Medium Severity
SVRS
30/100

CVSSv3
6.2/10

EPSS
0.00149/1

CVE-2024-0450: the CPython zipfile module is vulnerable to "quoted-overlap" zip bombs. The affected versions are CPython 3.12.1, 3.11.7, 3.10.13, 3.9.18 and 3.8.18 and prior. A specially crafted, highly compressed archive with overlapping entries causes a potential denial of service when it is processed. While the CVSS score is 6.2, SOCRadar's Vulnerability Risk Score (SVRS) is 30, indicating a low level of active threat intelligence at present. Successful exploitation results in excessive resource consumption while the zip bomb is decompressed. The patches address this by rejecting archives with overlapping entries, which mitigates the risk.
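As an added example (not code from this page or from CPython itself), the following standalone check applies the same idea as the fix described above: it reads each member's local file header, computes the byte span that entry occupies in the archive, and reports any two entries whose spans overlap, before any data is inflated. Only standard-library `zipfile` and `struct` calls are used; the sample archive is constructed inside the block.

```python
import io
import struct
import zipfile

# Local file header layout: signature, version, flags, method, time, date,
# crc32, compressed size, uncompressed size, name length, extra length (30 bytes).
_LOCAL_HEADER = struct.Struct("<4sHHHHHLLLHH")


def entry_spans(zf: zipfile.ZipFile):
    """Return (name, start, end) for every member: the bytes covered by its
    local header, name/extra fields and compressed data (sizes taken from the
    central directory, which is what the reader trusts when extracting)."""
    spans = []
    fp = zf.fp
    for zi in zf.infolist():
        fp.seek(zi.header_offset)
        raw = fp.read(_LOCAL_HEADER.size)
        if len(raw) != _LOCAL_HEADER.size:
            raise zipfile.BadZipFile(f"truncated local header for {zi.filename!r}")
        fields = _LOCAL_HEADER.unpack(raw)
        if fields[0] != b"PK\x03\x04":
            raise zipfile.BadZipFile(f"bad local header signature for {zi.filename!r}")
        name_len, extra_len = fields[9], fields[10]
        start = zi.header_offset
        end = start + _LOCAL_HEADER.size + name_len + extra_len + zi.compress_size
        spans.append((zi.filename, start, end))
    return spans


def find_overlaps(spans):
    """Given (name, start, end) spans, return (name_a, name_b) pairs whose byte
    ranges overlap. Two central-directory entries that 'quote' the same local
    header produce identical spans and are reported here."""
    ordered = sorted(spans, key=lambda s: s[1])
    return [(a[0], b[0]) for a, b in zip(ordered, ordered[1:]) if b[1] < a[2]]


def check_archive(data: bytes):
    """Parse the central directory and flag overlapping members without
    decompressing anything. An empty list means no overlap was found."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return find_overlaps(entry_spans(zf))


def build_sample_archive() -> bytes:
    # Constructed sample: two ordinary, non-overlapping members.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("a.txt", b"A" * 1000)
        zf.writestr("b.txt", b"B" * 1000)
    return buf.getvalue()
```

On a patched CPython the reader itself raises BadZipFile("Overlapped entries ...") when such a member is opened; this check lets an ingestion service reject the archive earlier, regardless of interpreter version.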

In The Wild
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2024-03-19

2025-04-11

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

USN-7212-1: Python 2.7 vulnerabilities
ubuntu.com, 2025-01-16
It was discovered that Python incorrectly handled certain ZIP files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2019-9674) It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into running a specially crafted input, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2022-45061) It was discovered that Python incorrectly handled certain crafted ZIP files. An attacker could possibly use this issue to crash

USN-6891-1: Python vulnerabilities
ubuntu.com, 2024-07-11
It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 18.04 LTS. (CVE-2015-20107) It was discovered that Python incorrectly used regular expressions vulnerable to catastrophic backtracking. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2018-1060, CVE-2018-1061) It was discovered that Python failed to initialize Expat’s hash salt. A remote attacker could possibly use this issue to

CVE-2024-0450 | CPython up to 3.8.18/3.9.18/3.10.13/3.11.8/3.12.2 on zipfile ZIP Bomb amplification
vuldb.com, 2024-05-02
A vulnerability, which was classified as problematic, has been found in CPython up to 3.8.18/3.9.18/3.10.13/3.11.8/3.12.2 on zipfile. This issue affects some unknown processing. The manipulation leads to asymmetric resource consumption. The identification of this vulnerability is CVE-2024-0450. An attack has to be approached locally. There is no exploit available. It is recommended to apply

Social Media

🚨 Lambda Watchdog detected a new MEDIUM severity CVE 🚨 CVE-2024-0450 was detected in the latest AWS Lambda image scan affecting the python package in 18 images. Check the full report 👉 https://t.co/6EUGaPyRZk #AWS #Lambda #CVE #CloudSecurity #Serverless

Affected Software

No affected software found for this CVE

References

Reference links (duplicate entries from multiple sources collapsed):

https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85
https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba
https://github.com/python/cpython/commit/70497218351ba44bffc8b571201ecb5652d84675
https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51
https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549
https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183
https://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b
https://github.com/python/cpython/issues/109858
https://mail.python.org/archives/list/[email protected]/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/
https://www.bamsoftware.com/hacks/zipbomb/
https://lists.debian.org/debian-lts-announce/2024/03/msg00024.html
https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html
http://www.openwall.com/lists/oss-security/2024/03/20/5
https://lists.fedoraproject.org/archives/list/[email protected]/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/
https://lists.fedoraproject.org/archives/list/[email protected]/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/
https://security.netapp.com/advisory/ntap-20250411-0005/

CWE Details

CWE ID: CWE-405
CWE Name: Asymmetric Resource Consumption (Amplification)
Description: Software that does not appropriately monitor or control resource consumption can lead to adverse system performance.
